COMMAND

    in.talkd(8)

SYSTEMS AFFECTED

    Any systems with a world writable utmp file.

PROBLEM

    in.talkd can be used to destroy any file. This is how to do it:

    1) change /etc/utmp. Create an entry that have your favorite  file
       to destroy instead of a tty-line.

    2) talk to the user with the patched entry in utmp.

    3) The  file  is  truncated.  This  is yet another example of  the
       evil of having utmp writable for everybody.

SOLUTION

    Make  utmp  not  world  writable,  this  most  probably will brake
    something else, but it is "The Right Thing".